Vulnerabilities > CVE-2019-11785 - Missing Authorization vulnerability in Odoo

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
odoo
CWE-862

Summary

Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages.

Vulnerable Configurations

Part Description Count
Application
Odoo
12

Common Weakness Enumeration (CWE)